Testing confirms the performance costs associated with applying hypervisor-specific mitigations on vSphere for CVE-2018-12207.
Performance conclusions are as follows:
- Enterprise class workloads: Testing consistently showed a performance impact of 5% or less for enterprise class workloads, including Databases, mixed workload server consolidation scenarios, and virtual desktop infrastructure (VDI)
- Nested virtualization and Microsoft Virtualization-Based Security (VBS): Testing showed a significant performance impact when applied to nested virtualized environments on ESXi. Windows VBS uses virtualization, enabling it on ESXi results in nested virtualization. It is strongly recommend testing is performed in an isolated environment before deciding to deploy this ESXi mitigation more broadly to nested or VBS enabled environments. Refer to KB 313547 for support information related to nested ESXi environments.